Secured repair data package

ABSTRACT

An arrangement for storing a data set in an ECU in a vehicle control system, wherein the arrangement includes a computer connected to the vehicle, where the computer is adapted to execute an access application, where the access application includes vehicle specific information and service action specific information, and where the information is encrypted, where the arrangement is adapted to decrypt the vehicle specific information and the service action specific information, to unlock the vehicle ECU by sending a password from the computer to the ECU, to perform a service action by storing service action specific information in the ECU, to lock the ECU by sending a lock command to the ECU from the computer, and to corrupt the access application software such that it cannot be used again.

BACKGROUND AND SUMMARY

The present invention relates to an arrangement and method for storing a data set in an ECU in a vehicle control system according to the preamble of claim 1. The invention further relates to a computer program adapted to perform a method for storing a data set in an ECU in a vehicle control system when said program is run on a computer, and a computer program product comprising such program code means stored on a computer readable medium. The arrangement is suitable for workshops working with vehicles of different kinds, both passenger vehicles and heavy vehicles.

In a workshop for repairing vehicles, computers are used more and more both for diagnostics of faults on the vehicle and for updates of the vehicle control system. Normally, each vehicle manufacturer uses their own specific computer equipped instruments for diagnostic purposes and also their own computer based system for updating the control system of the vehicle. The vehicle control system comprises several Electronic Control Units (ECU) connected to each other through one or more bus systems, where each ECU comprises a specific software adapted for that specific ECU and the functions controlled by the ECU.

By connecting the workshop update system for updating the software in one or more ECUs in the vehicle, a handshake routine is performed between the workshop update system and the ECU in order to prepare the ECU for the update and to make sure that the workshop system is authorized to update the ECU. When the handshake is successfully finished, the new software or data can be uploaded to the ECU and stored in a memory in the ECU. When the update is completed, the ECU is returned to a working condition.

In order to ensure that only authorized workshops can update software in the control system of the vehicle, the initial handshake between the workshop update system and the ECU will normally comprise an unlock procedure in which the workshop update system sends a password to the ECU in order to unlock the ECU and to make sure that the workshop update system is authorized to update the ECU. When the update is completed, the ECU is locked again such that no unauthorised personnel can access the ECU. This unlock procedure is manufacturer specific and is normally integrated in the specific workshop update system provided by a manufacturer. The use of such a system is normally only allowed for approved and appointed retailers and distributors and their workshops.

Coming legislation will force the vehicle manufacturers to provide information regarding diagnostics and updates of the vehicle control system both to independent workshops and to external tool vendors. In this way, independent workshops will be able to diagnose and update vehicles from different manufacturers by using the same protocols as the official workshops of a specific manufacturer. External tool vendors will be able to offer computerized tools for both diagnostics and for updating data in vehicles of different manufacturers.

The purpose of the new legislation is to prevent manufacturers from stopping independent workshops from repairing vehicles from that manufacturer. A further purpose is to allow independent tool vendors to provide tools to independent workshops that can communicate with vehicles from different manufacturers. In this way, it will be easier for an independent workshop to afford the tools required for repairs of a vehicle from a specific manufacturer. The specific original tools offered by the manufacturer have historically been too expensive for most independent workshops, especially considering when a workshop needs tools from several different manufacturers. Sometimes, a specific tool is required for each vehicle model. This situation has led to the fact that some repairs on a vehicle have only been possible to do at manufacturer-approved workshops.

Because of this, the manufacturer must be able to ensure that their vehicles are safe to be used in traffic and that they have not been manipulated by a third party. If a workshop accidentally or on purpose updates the wrong data or changes the wrong software, the consequence may be that the vehicle no longer behaves as expected. This in turn will lead to insecurity for the user, concerning who is responsible for the performance and specifications of the vehicle. Several cases are already known, where the manufacturer of a vehicle has had to justify the performance and specifications of a vehicle involved in an accident, on which vehicle an independent workshop had made modifications which were not approved by the manufacturer. These modifications did not involve any data update in the vehicle control system. When every workshop has the possibility to update data in the vehicle control system, it will be impossible for a manufacturer to guarantee the road safety of their vehicles without any type of authorization to perform the update.

At the same time, the manufacturer must also be able to guarantee the specifications of a vehicle, e.g. when it comes to carbon dioxide emissions or the power of the engine. There is a possibility that unscrupulous workshops or mechanics use the possibility to modify data in order to manipulate the specifications of the vehicle such that the specifications no longer conform to the specifications of the original vehicle.

U.S. Pat. No. 7,551,986 describes a system for distributing software to a vehicle. A program distribution system having a vehicle type table is used to distribute vehicle-specific software using an in-vehicle gateway. The program distributing system can also use an identifier to control that no alterations have been made to the software during the distribution. This solution may solve the problem of distributing software to a vehicle in a secure way, but does not mention the problem of updating data in the vehicle.

There is thus room for improvements.

It is desirable to provide an improved arrangement for storing a data set in an ECU in a vehicle control system. It is also desirable to provide an improved method for storing a data set in an ECU in a vehicle control system.

In an arrangement for storing a data set in an ECU in a vehicle control system, wherein the arrangement comprises a computer means connected to the vehicle, where the computer means is adapted to execute an access application, where the access application comprises vehicle specific information and service action specific information, and where the information is encrypted, where the arrangement is adapted to decrypt the vehicle specific information and the service action specific information, to unlock the vehicle ECU by sending a password from the computer means to the ECU, to perform a service action by storing service action specific information in the ECU and to lock the ECU by sending a lock command to the ECU from the computer means, the arrangement is adapted to corrupt the access application software after the service action specific information is stored in the ECU such that it cannot be used again.

By this first embodiment of the arrangement for storing a data set in an ECU in a vehicle control system, an arrangement with which an independent workshop can be allowed to update a vehicle in a secure manner is obtained. In the inventive arrangement, the independent workshop receives a specific access application from the manufacturer, which corresponds to the exact needs of the workshop for that specific repair action. When the access application is ordered by the workshop, the workshop specifies the exact vehicle, e.g. by supplying the serial number of the vehicle, and the repair action that is to be performed. A central database of the manufacturer will then compile the access application for that specific repair action. The access application will comprise all the necessary code and data that will be required to access and update the vehicle control system. The data will be encrypted such that unauthorized access to the data itself is prohibited. The access application will further comprise a function that will corrupt the access application when the repair action is completed, such that the access application cannot be used more than once. In this way, the manufacturer can allow any independent workshop to perform repair actions requiring software updates in a secure and controlled manner, without the risk that a third party will be able to retrieve secret information.

In an advantageous development of the inventive arrangement, the access application is adapted to be used for a predefined number of vehicles, and the corruption of the access application software is performed after the access application has been used the predefined number of times. In this way, it is possible for a workshop to order an access application that can be used for several similar vehicles, where at least the specification for the specific component is the same. This may e.g. be the case for a general component that is used on several different types of cars, and where the access application only contains specific information regarding that specific component, e.g. calibration data or data that identifies that specific component. Such data may e.g. be data identifying a specific type of brake pads used to set the brake parameters of the vehicle or calibration data for a specific sensor used on different car models. This may be advantageous for fleet owners that own several similar or identical vehicles, or for workshops performing a campaign when several identical components are replaced.

In an advantageous development of the inventive arrangement, the arrangement is adapted to update one or more data parameters corresponding to a vehicle component. In this way, it is possible to update an ECU of the vehicle control system with new parameters corresponding to a specific vehicle component, e.g. calibration data for a replaced component. It is also possible to recalibrate an existing vehicle component, e.g. due to drift or to adapt it to another replaced vehicle component. Since the source code or the original access code must not be supplied to the workshop in question, the manufacturer can allow independent workshops to replace vehicle components that require a software update of the vehicle control system.

It is also possible to update one or more data parameters corresponding to different vehicle components at the same time. In this way, more than one ECU of the vehicle control system may be updated with new parameters corresponding to the different vehicle components by using the same access application.

In an advantageous development of the inventive arrangement, the arrangement is adapted to add a software module to existing software in the ECU. This will allow independent workshops to add functions to the vehicle control system, both dedicated software functions and software functions associated with a new vehicle component that is added to the vehicle.

In an advantageous development of the inventive arrangement, the access application is compiled by the manufacturer of the specific vehicle. In this way, it is ensured that the access application is adapted to the specific vehicle. Since the data of the manufacturer regarding a specific vehicle is always up to date, compatibility issues are reduced as much as possible.

In an advantageous development of the inventive arrangement, the access application comprises information that will unlock more than one ECU in the vehicle. In this way, updates in the vehicle control system can be performed for vehicle parameters that are stored in more than one location.

In an advantageous development of the inventive arrangement, the access application for a specific vehicle is compiled by the manufacturer of the vehicle when a workshop demands it. This is of advantage for vehicle data that relies on other vehicle systems that in turn may be updated. In this way, it is ensured that the latest vehicle data is always used.

In an advantageous development of the inventive arrangement, the access application that comprises data corresponding to a specific hardware part is compiled when the hardware part is produced. In this way, the specific parameter, e.g. calibration parameters, for a component can be retrieved in an easy way. The access application may be linked to the hardware part by a unique number, which enables the access application to be retrieved by sending the unique number to the manufacturer of the hardware part and/or to the manufacturer of the vehicle. In this way, the workshop can obtain the access application without the need of supplying the vehicle specifications.

In a method for storing a data set in an ECU in a vehicle control system, the steps of executing an access application on a computer connected to the vehicle, where the access application comprises vehicle specific information and service action specific information, where the information is encrypted, decrypting the vehicle specific information and the service action specific information by the access application, unlocking the vehicle ECU by sending a password from the access application to the ECU, performing a service action by storing service action specific information in the ECU, locking the ECU by sending a lock command to the ECU from the access application, and corrupting the access application software such that it cannot be used again are comprised.

With the inventive method, a safe and secure way to update and store a data set in a vehicle control system is obtained. Since all important information required for performing the update is included in the access application, which is decrypted, independent workshops can be entrusted to perform software updates on vehicles from a specific manufacturer. The inventive method further allows independent tool vendors to supply update tools for different vehicles, without the need to provide the tool vendor with manufacturer specific data, such as passwords to the vehicle control system. The manufacturer of a vehicle will thus be able to ensure the specifications of a vehicle even when a component requiring a data update has been replaced by an independent workshop. The method further ensures that the correct data parameters are used for the update, since the access application is compiled by the manufacturer.

In an advantageous development of the inventive method, the service action comprises an update of data parameters corresponding to a vehicle component. The advantage is that the vehicle control system can be updated or recalibrated with new parameters corresponding to a specific vehicle component, e.g. calibration data for a replaced component, in an easy and secure manner. Since the source code or the original access code must not be supplied to the workshop in question, the manufacturer can allow independent workshops to replace vehicle components that require a software update of the vehicle control system.

In an advantageous development of the inventive method, the service action comprises adding a software module to existing software in the ECU. In this way, a software function can be added to the vehicle control system, both a dedicated software function and a software function associated with a new vehicle component that is to be mounted to the vehicle. This allows independent workshops to update vehicles with software functions in a secure and controlled manner.

In an advantageous development of the inventive method, the access application is compiled by the manufacturer of the specific vehicle. In this way, it is ensured that also independent workshops use the proper vehicle parameters.

BRIEF DESCRIPTION OF DRAWINGS

The invention will be described in greater detail in the following, with reference to the attached drawings, in which

FIG. 1 shows a schematic view of an arrangement for storing a data set in an ECU in a vehicle according to the invention, and

FIG. 2 shows a schematic flow chart of an inventive method for storing a data set in an ECU in a vehicle control system according to the invention.

DETAILED DESCRIPTION

The embodiments of the invention with further developments described in the following are to be regarded only as examples and are in no way to limit the scope of the protection provided by the claims.

FIG. 1 shows a schematic view of an arrangement for storing a data set in an ECU in a vehicle according to the invention. In the description, an independent workshop is used as an example of a user of the arrangement, and a truck is used as an example of a vehicle. Other types of users are of course also possible, such as workshops approved by the manufacturer or company-owned workshops. Other types of vehicles are also possible, such as passenger cars, buses, construction vehicles, boats and the like. The arrangement 1 comprises a computer means 2 connected to the vehicle 6, where the computer means is adapted to execute an access application 3 that comprises vehicle specific information 4 and service action specific information 5, where the information is encrypted. The computer means is connected to the vehicle control system of the vehicle, and more specifically to an ECU 7 of the vehicle. The access application is compiled in a remote location outside of the workshop, preferably at a central database 8 of the manufacturer of the vehicle, where information regarding the different vehicles and different service actions are stored.

The computer means is adapted to decrypt the vehicle specific information and the service action specific information such that the information can be forwarded to the ECU of the vehicle and can be stored in a memory area in the ECU. The service action information also comprises information for retrieving a password from the encrypted information. The access application is adapted to unlock the vehicle ECU by sending the password from the computer means to the ECU. When the ECU is unlocked, the service action is performed, in which service action specific information is stored in the ECU. After the service action is completed, the ECU is locked by sending a lock command to the ECU from the computer means. When the complete update is finished, the access application software code is corrupted such that it cannot be used again.

It is also possible that the computer means are connected to more than one ECU in order to update information in more than one ECU in the same operation, should e.g. the required information be stored in more than one location or if different ECUs store the same information in their memories. This can be done by either unlocking one ECU after the other or by unlocking all ECUs at the same time.

In the workshop, a vehicle that is to be inspected is connected to a diagnostics instrument, e.g. a dedicated diagnostics instrument or a computer means provided with diagnostics software for the specific vehicle, and the inspection software is run on the diagnostic instrument. Depending on the type of inspection that is to be performed, different software modules may be run. When the diagnostic is ready, the diagnostics instrument can give a message reporting what part of the vehicle is faulty or broken. In one example, a sensor, e.g. an air quantity sensor in the air intake of the vehicle is broken. The diagnostic instrument detects the faulty sensor and provides a readout saying that the sensor needs to be replaced. It is of course also possible that the workshop detects the broken sensor without the diagnostic instrument. If the sensor is faulty but not broken, the diagnostic software may report that a recalibration of the sensor is enough to solve the problem.

To replace the sensor, the workshop will order a new sensor. At the same time, the workshop also orders an access application from the manufacturer of the vehicle. When ordering the access application, the workshop specifies the component for which the access application is to be adapted, e.g. by specifying an error code supplied by the diagnostics instrument or by using a component number, together with the specific vehicle for which the access application is to be used, e.g. by specifying the vehicle serial number. In this way, the manufacturer will know exactly what type of access application is required. The data for the access application is collected from a central database of the manufacturer, and the access application is compiled by the manufacturer and stored on a computer-readable and computer-writable storage means. The compiled access application can also be sent to the workshop through the internet or by another communication link. If the sensor is only to be recalibrated, the access application will comprise data code adapted for a recalibration procedure. The compiled computer executable software access application will allow only this service action to be performed on that specific vehicle at one time.

In order to replace the sensor or to recalibrate the sensor, there is a need for the workshop to alter data in the ECU associated with the sensor. For a recalibration, new calibration data for the sensor is stored in the ECU. The calibration data may be supplied in the access application or may be measured and read by the diagnostics instrument. When the sensor is replaced, a new set of calibration parameters corresponding to that specific sensor is stored in the ECU. Since these data influence the performance of the vehicle, the area of the ECU where the data is stored is locked for unauthorised access. Thus, the workshop cannot store the new data in the ECU for the replaced or recalibrated sensor without an authorisation. In the inventive arrangement, the authorisation is comprised in the access application.

When the workshop receives the access application, the vehicle is connected to the computer means constituting an update instrument of the workshop. This update instrument may be a dedicated computerized update instrument or may be a computer provided with update software. It may also be the same as the diagnostics instrument, running an update software. The computer means may be provided by the manufacturer of the vehicle or by an independent tool vendor, or may be a regular personal computer. The access application is executed in the update instrument. The access application will first decrypt itself, retrieving the vehicle specific information and the service action specific information together with a password, such that it can communicate with the ECU in the vehicle. The first step of the update is to send an unlock command to the ECU. The unlock command comprises a password that will unlock the ECU to allow the update instrument to alter data in the ECU. It may be enough with one password for gaining access to the complete ECU, or different passwords may unlock different parts of the ECU area. When the ECU has received the proper password and is unlocked, an unlock acknowledge message is sent to the update instrument.

The update instrument will now perform the needed service action. In this example, new calibration data for the replaced sensor is to be stored in the ECU. For a new sensor, the calibration parameters may be included in the access application when the access application is compiled by the manufacturer's database, or the calibration parameters may be inputted by the workshop. When all calibration data is stored in the ECU in a proper way, the ECU sends a confirmation message to the update instrument. The access application will now send a lock command to the ECU, which will lock itself such that no access is allowed to the ECU. The ECU will acknowledge that it is locked by sending a lock acknowledge message to the update instrument. When the ECU is locked, the update procedure is completed.

The access application will now, as a last step, corrupt some of the access application software code such that the access application cannot be used again. This may be done by altering or removing parts of the access password or by corrupting parts of the access application data of the software. The access application may e.g. comprise a counter that is incremented every time the access application is used. When the access application has been used the predefined number of times, the counter will reach the predefined number and can thus not increment anymore. The counter is not incremented if the operation was not successful. It is also possible to use a decrypt key that is changed by the access application such that it cannot be used anymore. It is thus important that the access application is stored on a writable media. It is also possible to set a flag in the access application when the access application is opened that indicates that the access application may not be opened again. This flag is confirmed by the lock acknowledge message from the ECU and is stored in the access application. Regardless of how the software code of the access application is corrupted, i.e. made non-executable, it cannot be used another time for any type of action. In this way, it is secured that an additional access to the ECU is prohibited, such that it is impossible to use the access application to tamper with any other part of the vehicle system.

When the sensor is to be recalibrated, the compiled access application will contain recalibration software that can be used by the workshop for one single recalibration of the air quantity sensor. In the same way as described above, the update instrument will run the access application. It will unlock the ECU and when the ECU has sent an unlock acknowledge message to the update instrument, the recalibration of the sensor can start. The sensor is recalibrated in a known manner. When the recalibration is finished, the access application will lock the ECU and a lock acknowledge message is sent to the update instrument. The access application will then corrupt the code of itself such that it cannot be used again.

In this way, it can be ensured that the specifications of the vehicle correspond to the original specifications for that vehicle type, as guaranteed by the manufacturer. The manufacturer will also be able to track all changes in the ECUs of the vehicle, since all issued access applications will be stored in the database together with the specific use of the access application.

In another example of the invention, the access application is used to add an additional software module to an ECU of the vehicle control system. This may include adding a further function to an existing software system, such as adding a further navigation feature to a navigation system. It may also include adding or enabling a software function required for an added vehicle component, such as enabling a light output in a light control ECU when a light switch is added. The access application is ordered from the central database in the same way as described above. When a vehicle component is added, the access application may already be ready in the database and can be forwarded to the workshop by entering a code attached to the hardware part.

When the access application is run at the workshop, the ECU is unlocked by the access application. The software module is then downloaded to a predefined area in the ECU memory that is foreseen for additional software modules. By reserving a specific memory area in the ECU, it is ensured that the original software of the ECU cannot be changed or altered. When a software module that is already present in the ECU is to be enabled, an enabling code is sent to the ECU that will enable that specific function. When the new software module is stored, or the software module is enabled, a confirm message is sent to the update instrument indicating that the data is stored properly. The ECU is then locked again. When the operation is completed, the access application will self-destruct by corrupting the data code such that it cannot be used again.

The inventive arrangement and method is adapted for updating data parameters or adding a software module to existing software in an ECU. The access application used will thus communicate with the ECU and will start by unlocking the ECU such that these data can be received and stored. The arrangement is not intended for a complete reprogramming of an ECU. A complete reprogramming should be handled by the manufacturer in order to secure that the reprogramming is performed in a proper manner. The inventive arrangement is thus intended to allow independent workshops to perform repairs on vehicles that include an update of data in at least one ECU in the vehicle. By using an access application compiled by the manufacturer, the independent workshop will be able to use original software which is updated to the latest standard which in turn ensures that the vehicle is updated in a proper manner.

The inventive arrangement also allows independent tool manufacturers to supply update instruments to workshops, in which original software from a manufacturer can be used to update the vehicle. At the same time, an unallowable external access to the ECUs is prohibited and by using software that is only possible to use once, it is further prohibited that the software is used more than once. The manufacturer will thus have a good control of the data installed in the vehicle.

The access application can also be adapted for a predefined number of vehicles, such that the access application can be used to update a predefined number of vehicles before it is corrupted. The access application can also be adapted to update more than one ECU of a vehicle in the same operation, using the same access application or to update information of more than one component in the same operation. In this way, the workshop can perform all necessary actions on a vehicle in the same operation, using the same access application.

FIG. 2 shows a schematic flow chart of a method for storing a data set in an ECU in a vehicle according to the invention.

In step 100, the computer means connected to the vehicle executes an access application, where the access application comprises vehicle specific information and service action specific information and where the information is encrypted.

The access application is decrypted in step 110 such that the vehicle specific information and service action specific information are retrieved.

In step 120, the ECU of the vehicle is unlocked by sending a password from the access application of the computer means to the ECU. The ECU may send an unlock acknowledge message back to the computer means to confirm the unlock operation.

The service action is performed in step 130 by storing the service action specific information in the ECU of the vehicle control system. The ECU may confirm the completion of the service action by sending a completion message back to the computer means to confirm the service action.

After the completion of the service action, the ECU is locked in step 140 by sending a lock command to the ECU from the access application of the computer means, such that unauthorised access to the ECU is further prohibited. The lock of the ECU may be acknowledged by sending a lock acknowledge message back to the computer means.

In step 150, the data code of the access application is corrupted by the computer means such that the access application cannot be used again.
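
The sequence of steps 100 to 150, together with the use counter and changed decrypt key described earlier in the detailed description, as an added simulation that is not part of the patent text. The message names, the package layout, the serial check, the in-memory object standing in for the file on writable media, and the stdlib cipher (a stand-in for a vetted authenticated cipher) are assumptions of this example.

```python
"""Added simulation of steps 100-150; not code from the patent.

Assumptions: message names, package layout, serial check and the
stdlib-only cipher (a stand-in for a vetted authenticated cipher).
"""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode, enough to model "the information is encrypted".
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("package corrupted or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class MockECU:
    """Hypothetical ECU: locked data area, password unlock, ack messages."""

    def __init__(self, serial: str, password: str):
        self.serial, self._password = serial, password
        self.locked, self.params = True, {}

    def unlock(self, password: str) -> str:
        if hmac.compare_digest(password.encode(), self._password.encode()):
            self.locked = False
            return "UNLOCK_ACK"
        return "UNLOCK_NACK"

    def store(self, params: dict) -> str:
        if self.locked:
            return "STORE_REJECTED"
        self.params.update(params)
        return "STORE_CONFIRM"

    def lock(self) -> str:
        self.locked = True
        return "LOCK_ACK"


class AccessApplication:
    """Package compiled by the manufacturer for given vehicles and one action."""

    def __init__(self, serials, password, params, max_uses=1):
        self._key = os.urandom(32)  # fresh key per package
        payload = {"serials": list(serials), "password": password, "params": params}
        self._blob = seal(self._key, json.dumps(payload).encode())
        self.max_uses, self.uses = max_uses, 0

    def run(self, ecu: MockECU) -> str:
        if self._key is None:
            return "PACKAGE_CORRUPTED"
        info = json.loads(unseal(self._key, self._blob))      # step 110
        if ecu.serial not in info["serials"]:
            return "WRONG_VEHICLE"
        if ecu.unlock(info["password"]) != "UNLOCK_ACK":      # step 120
            return "UNLOCK_FAILED"
        stored = ecu.store(info["params"])                    # step 130
        locked = ecu.lock()                                   # step 140, always relock
        if stored != "STORE_CONFIRM" or locked != "LOCK_ACK":
            return "SERVICE_FAILED"   # counter is not incremented on failure
        self.uses += 1
        if self.uses >= self.max_uses:                        # step 150
            self._corrupt()
        return "DONE"

    def _corrupt(self) -> None:
        # Destroy the decrypt key and overwrite the encrypted payload.
        self._key = None
        self._blob = os.urandom(len(self._blob))


def demo() -> list:
    # Constructed sample values.
    ecu = MockECU("SERIAL-0001", "constructed-password")
    app = AccessApplication(["SERIAL-0001"], "constructed-password",
                            {"air_sensor_gain": 1.02})
    return [app.run(ecu), app.run(ecu)]  # second run meets the corrupted package


if __name__ == "__main__":
    print(demo())
```
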

The invention is not to be regarded as being limited to the embodiments described above, a number of additional variants and modifications being possible within the scope of the subsequent patent claims.

REFERENCE SIGNS

-   1: Arrangement for storing data
-   2: Computer means
-   3: Access application
-   4: Vehicle specific information
-   5: Service action information
-   6: Vehicle
-   7: ECU
-   8: Database

1. An arrangement for storing a data set in an ECU in a vehicle control system when updating data of a vehicle in a workshop, wherein the arrangement comprises a computer constituting an update instrument of the workshop connected to the vehicle, where the computer is adapted to execute an access application comprising vehicle specific information and service action specific information, and where the information is encrypted, where the computer is adapted to decrypt the vehicle specific information and the service action specific information, to unlock the vehicle ECU by sending a password from the computer means to the ECU, to perform a service action by storing service action specific information in the ECU and to lock the ECU by sending a lock command to the ECU from the computer, wherein the arrangement is adapted to corrupt the access application software after the service action specific information is stored in the ECU and when a lock acknowledge message is received by the computer from the ECU such that it cannot be used again.
2. Arrangement according to claim 1, wherein the access application is adapted to be used for a predefined number of vehicles, and that the corruption of the access application software is performed after the access application has been used the predefined number of times.
3. Arrangement according to claim 1, wherein the arrangement is adapted to update one or more data parameters corresponding to a vehicle component.
4. Arrangement according to claim 1, wherein the arrangement is adapted to add a software module to an existing software in the ECU.
5. Arrangement according to claim 1, wherein the access application is compiled by the manufacturer of the specific vehicle.
6. Arrangement according to claim 1, wherein the access application comprises information that will unlock more than one ECU in the vehicle.
7. Arrangement according to claim 1, wherein the access application for a specific vehicle is compiled by the manufacturer of the vehicle when a workshop demands it.
8. Arrangement according to claim 1, wherein an access application that comprises data corresponding to a specific hardware part is compiled when the hardware part is produced.
9. Arrangement according to claim 8, wherein the access application is linked to the hardware part by a unique number and that the access application can be retrieved by sending the unique number to the manufacturer of the hardware part and/or to the manufacturer of the vehicle.
10. A method for storing a data set in an ECU in a vehicle control system, where the method is performed in a work shop, comprising: executing an access application on a computer in a work shop connected to the vehicle, where the access application comprises vehicle specific information and service action specific information, where the information is encrypted, decrypting the vehicle specific information and the service action specific information by the access application, unlocking the vehicle ECU by sending a password from the access application to the ECU, performing a service action by storing service action specific information in the ECU, locking the ECU by sending a lock command to the ECU from the access application, and corrupting the access application software such that it cannot be used again.
11. Method according to claim 10, further comprising: sending an unlock confirmation message from the ECU to the access application when the password has been received and the ECU is unlocked, sending a completed message from the ECU to the access application when the service action specific information has been successfully stored in the ECU, sending a lock confirmation message from the ECU to the access application when the ECU is locked.
12. Method according to claim 10, wherein the service action comprises an update of data parameters corresponding to a vehicle component.
13. Method according to claim 10, wherein the service action comprises adding a software module to an existing software in the ECU.
14. Method according to claim 10, wherein the access application is compiled by the manufacturer of the specific vehicle.
15. A computer comprising program code for performing all the steps of claim 10.
16. A computer program product comprising program code stored on a non-transitory computer readable medium for performing all the steps of claim 10.